15.1、原理步骤
- 注册:注册时,将用户密码加密放入数据库
- 登录:登录时,将用户密码采用上述相同的算法加密,之后再与数据库中的信息进行比对,若相同,则登录
15.2、实现(这里采用了SHA256算法,其他摘要算法MD5/SHA1/MAC类似)
注意:这里的程序是在我之前写的一个maven+spring+springmvc+mybatis+velocity整合的文章上进行的修改,具体的框架搭建以及数据库表结构等就不再啰嗦了,自己参考下边这篇博客:
http://www.cnblogs.com/java-zhao/p/5096811.html
这里只列出Java类。整个代码结构如下:
UserController
1 package com.xxx.web;
2
3 import org.springframework.beans.factory.annotation.Autowired;
4 import org.springframework.stereotype.Controller;
5 import org.springframework.web.bind.annotation.RequestMapping;
6 import org.springframework.web.bind.annotation.RequestParam;
7 import org.springframework.web.bind.annotation.ResponseBody;
8 import org.springframework.web.servlet.ModelAndView;
9
10 import com.xxx.model.User;
11 import com.xxx.service.UserService;
12
13 @Controller
14 @RequestMapping("user")
15 public class UserController {
16
17 @Autowired
18 private UserService userService;
19
20 @ResponseBody
21 @RequestMapping("register")
22 public boolean register(@RequestParam("username") String username,
23 @RequestParam("password") String password){
24
25 return userService.register(username, password);
26 }
27
28 @RequestMapping("login")
29 public ModelAndView login(@RequestParam("username") String username,
30 @RequestParam("password") String password){
31 User user = userService.login(username, password);
32
33 ModelAndView modelAndView = new ModelAndView();
34 if(user == null){
35 modelAndView.addObject("message", "用户不存在或者密码错误!请重新输入");
36 modelAndView.setViewName("error");
37 }else{
38 modelAndView.addObject("user", user);
39 modelAndView.setViewName("userinfo");
40 }
41
42 return modelAndView;
43 }
44 }
UserService(这里是加解密的主战场)
1 package com.xxx.service;
2
3 import java.io.UnsupportedEncodingException;
4 import java.security.NoSuchAlgorithmException;
5
6 import org.springframework.beans.factory.annotation.Autowired;
7 import org.springframework.stereotype.Service;
8
9 import com.util.encoder.ShaEncoder;
10 import com.xxx.dao.UserDAO;
11 import com.xxx.model.User;
12
13 @Service
14 public class UserService {
15
16 @Autowired
17 private UserDAO userDao;
18
19 public boolean register(String username, String password){
20 User user = new User();
21 user.setUsername(username);
22 try {
23 user.setPassword(ShaEncoder.encodeSHAHex(password));//对密码进行sha256加密
24 } catch (NoSuchAlgorithmException e) {
25 e.printStackTrace();
26 } catch (UnsupportedEncodingException e) {
27 e.printStackTrace();
28 }
29 return userDao.register(user);
30 }
31
32 public User login(String username, String password) {
33 User user = null;
34 try {
35 user = userDao.login(username, ShaEncoder.encodeSHAHex(password));//对密码进行sha256加密
36 } catch (NoSuchAlgorithmException e) {
37 e.printStackTrace();
38 } catch (UnsupportedEncodingException e) {
39 e.printStackTrace();
40 }
41 return user;
42 }
43 }
UserDAO
1 package com.xxx.dao;
2
3 import org.springframework.beans.factory.annotation.Autowired;
4 import org.springframework.stereotype.Repository;
5
6 import com.xxx.mapper.UserMapper;
7 import com.xxx.model.User;
8
9 @Repository
10 public class UserDAO {
11
12 @Autowired
13 private UserMapper userMapper;
14
15 public boolean register(User user){
16 return userMapper.insertUser(user)==1?true:false;
17 }
18
19 public User login(String username ,String password){
20 return userMapper.selectByUsernameAndPwd(username, password);
21 }
22 }
UserMapper
1 package com.xxx.mapper;
2
3 import org.apache.ibatis.annotations.Insert;
4 import org.apache.ibatis.annotations.Param;
5 import org.apache.ibatis.annotations.Result;
6 import org.apache.ibatis.annotations.Results;
7 import org.apache.ibatis.annotations.Select;
8
9 import com.xxx.model.User;
10
11 public interface UserMapper {
12
13 @Insert("INSERT INTO userinfo(username, password) VALUES(#{username},#{password})")
14 public int insertUser(User user);
15
16 @Select("SELECT * FROM userinfo WHERE username = #{username} AND password = #{password}")
17 @Results(value = { @Result(id = true, column = "id", property = "id"),
18 @Result(column = "username", property = "username"),
19 @Result(column = "password", property = "password")})
20 public User selectByUsernameAndPwd(@Param("username")String username ,@Param("password")String password);
21 }
ShaEncoder(这里基于Commons Codec,即CC实现的Sha256工具类)
1 package com.util.encoder;
2
3 import java.io.UnsupportedEncodingException;
4 import java.security.NoSuchAlgorithmException;
5 import org.apache.commons.codec.digest.DigestUtils;
6
7 public class ShaEncoder {
8 private static final String ENCODING = "UTF-8";
9
10 public static String encodeSHAHex(String data) throws NoSuchAlgorithmException,UnsupportedEncodingException {
11 return new String(DigestUtils.sha256Hex(data.getBytes(ENCODING)));
12 }
13 }
代码简单易懂,自己去看逻辑,然后进行测试即可。
当然我们还可以在上述代码的基础上,为密码加一点盐(即用一个字符串与密码相连),然后对加盐后的字符串进行加密。代码如下:
1 package com.xxx.service;
2
3 import java.io.UnsupportedEncodingException;
4 import java.security.NoSuchAlgorithmException;
5
6 import org.springframework.beans.factory.annotation.Autowired;
7 import org.springframework.stereotype.Service;
8
9 import com.util.encoder.ShaEncoder;
10 import com.xxx.dao.UserDAO;
11 import com.xxx.model.User;
12
13 @Service
14 public class UserService {
15
16 private static final String SALT = "nana";//盐
17
18 @Autowired
19 private UserDAO userDao;
20
21 public boolean register(String username, String password){
22 User user = new User();
23 user.setUsername(username);
24 try {
25 user.setPassword(ShaEncoder.encodeSHAHex(SALT+password));//对加盐的密码进行sha256加密
26 } catch (NoSuchAlgorithmException e) {
27 e.printStackTrace();
28 } catch (UnsupportedEncodingException e) {
29 e.printStackTrace();
30 }
31 return userDao.register(user);
32 }
33
34 public User login(String username, String password) {
35 User user = null;
36 try {
37 user = userDao.login(username, ShaEncoder.encodeSHAHex(SALT+password));//对加盐的密码进行sha256加密
38 } catch (NoSuchAlgorithmException e) {
39 e.printStackTrace();
40 } catch (UnsupportedEncodingException e) {
41 e.printStackTrace();
42 }
43 return user;
44 }
45 }